The Mac Observer

Skip navigational links

Choose text size: Select small text. Select medium text. Select large text.

Featured Article: Apple #3 Computer Company in US with 8.5% Market Share

Safari Suffers from "Carpet Bomb" Issue

by , 3:35 PM EDT, May 16th, 2008

It's possible for a maliciously crafted website to "carpet bomb" the Windows desktop or the Mac OS X Download destination folder with files according to Nitesh Dhanjani in his O'Reilly blog. Apple is aware of the issue.

The reason this can happen is because Safari can't be configured to block the download of every resource a website offers up. While this isn't strictly a vulnerability, it could be an annoyance or worse since Leopard users wouldn't see the effect right away.

Mr. Dhanjani reported that he raised the issue with the Apple security team who responded that it's not an issue they want to tackle at this time.

The issue is really related to the design of HTML and how some browsers work. Right now, it's probably not a huge concern, but history has proven that any time something like this gets put on the back burner, someone will try to figure out a way to exploit it.

In the meantime, the best course is always to be mindful of where one is surfing. A possible strategy is, when it's necessary to surf in unknown territory, to do it in a VM created by Parallels Desktop or VMware fusion and checkpoint the VM. If something goes wrong, one can always revert to the checkpoint or blow out the VM client completely, leaving Mac OS X unaffected. Firefox is the default browser in all current Linux distributions, a browser well known to most Mac users.

Observer Comments

Show: Subjects Only | Full Comments
Close Name:Sir Harry Flashman Posts: 651 Joined: 08 Feb 2007
Fri May 16, 2008 5:10 pm Subject: Folder watch action?

I think we could add a folder watch action to the designated downloads folder. That way we at least get an alert when files are downloaded.


 Reply | Quote
Comment on this Article

Show:   comments per page.   Save Settings
Guest Posts Hidden. View Them.
Back to top  Page 1 of 1    

You cannot edit your comments.   You cannot delete your comments.
Log in | Register | Having Problems? Reset TMO Cookies & Try Again
Username:   Password:   Log me on automatically each visit   

You are not logged in, and this post will appear as "Guest." Log in with your username and password from the TMO forums. If you do not have a username, you can register here.
Please note that guests are limited to including a maximum of two URLs per post.

Post A Comment
  Subject


  Your Comments



Please enter the word exactly as you see it in the image above. Registered users aren't prompted for this. Having trouble reading the image get a new one.

Recent Headlines - Updated Friday, July 18th, 2008

Fri., 4:30 PM
iPO Apple Store Spotlight - Bloomberg LP - Financial Information on Your iPhone
2:50 PM
iPO Just a Thought - Seven Days (and Counting) Trying to Get an iPhone
2:15 PM
AAPL Drops 3% in Afternoon Trading, Deferred Revenue Accounting Earning Attention
12:05 PM
iPO Review - Jensen JiMS-525i
11:05 AM
Apple in Art
10:40 AM
iPO Free on iTunes - AtomTV, Black In America, Strange Days on Planet Earth, & More
9:15 AM
TMO's DealsOnTheWeb.com - JBL On Stage II Speaker System w/RF Remote Control: $67.99 Delivered
8:20 AM
StrangeCharm - Particle Debris and a New iPhone (2G)
7:30 AM
TMO Quick Tip - Build Your Own Twitter Client
 

The Mac Observer Reader Specials
  • Special Report: WWDC 2008
  • Special Report: iPhone
  • __________
  • Help TMO Grow
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!
  • New Media Expo 2008

Apple Stock Quote

  • AAPL: $165.15. Change Today: -6.66.
  • (Prices delayed up to 20 minutes.)
  • Discuss in our Apple Finance Board

Hot Topics

What's the buzz? These articles have TMO readers talking.

Top Deals From DealsOnTheWeb